cs-onboard
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `cp -rf`, `Copy-Item`, and `git mv` to manage directory structures and deploy utility scripts from the skill package to the target project.
- [PROMPT_INJECTION]: The skill processes untrusted data by performing a recursive search (glob) of markdown files in the repository to generate audit reports and migration mappings. This ingestion of external content into the agent's context creates a surface for indirect prompt injection.
  1. Ingestion points: Global search of markdown files in the repository as described in SKILL.md.
  2. Boundary markers: No explicit boundary markers or instruction-ignoring warnings are implemented for the content being audited to prevent the agent from following instructions found in those files.
  3. Capability inventory: The skill can execute shell commands for file management and utilizes Python scripts for file system operations.
  4. Sanitization: No explicit sanitization of the processed markdown content is specified before it is incorporated into the agent's context.
Audit Metadata